8:45 am - 9:00 am
PT
3:45 pm - 4:00 pm UTC | Opening Remarks |
9:00 am - 9:45 am
PT
4:00 pm - 4:45 pm UTC | Keynote | To be announced David Westin, Vice President, OS Security and Enterprise, Microsoft
|
9:00 am - 12:00 pm
PT
4:00 pm - 7:00 pm UTC | Workshops | In-Person Only Workshop | Context Aware Phishing Emails Abstract: As artificial intelligence continues to evolve, bad actors are increasingly adopting AI-driven technologies to bolster their approach to social engineering. Among these threats, context-based phishing emails stand out for their ability to exploit publicly available information about their target to dramatically improve their credibility and efficacy. This workshop, aimed at cybersecurity professionals, will explore how GPT models can dynamically generate personalized phishing campaigns. Participants will start with a discussion about key AI tools used in phishing campaigns and an introduction to the attack space. They will then be guided through setting up a custom assistant and tuning it for context-aware attacks. This all culminates in a real-world simulation, allowing the participants to observe and refine their tools in real time. By the end of the session, attendees will understand how AI enhances phishing attacks and be better equipped to detect, emulate, and mitigate these evolving threats.
|
9:45 am - 10:00 am
PT
4:45 pm - 5:00 pm UTC | Break |
10:00 am - 10:35 am
PT
5:00 pm - 5:35 pm UTC | Leveraging AI for Attack In this presentation, attendees will explore the darker side of Artificial Intelligence (AI) and its potential to enable sophisticated cyber threats. We will examine how AI is being leveraged in the wild, shedding light on the design and execution of advanced attacks. I will demonstrate how GenAI can be used to craft intricate attack vectors capable of disrupting critical infrastructure by causing systems to deviate from their normal behaviour. The session will delve into how AI automates the creation and optimization of these attacks, targeting the most vulnerable aspects of a system to maximize damage. Attendees will gain a deep understanding of AI-driven attack methodologies and their implications for critical infrastructure security, illustrated through an OT system as a case study.
|
10:40 am - 11:15 am
PT
5:40 pm - 6:15 pm UTC | Where's the Money: Defeating ATM Disk Encryption Holding upwards of $400,000, ATMs continue to be a target of opportunity and have seen over a 600% increase in crime in the last few years. Over the last four years, I have conducted research with another colleague into the enterprise ATM industry which resulted in the discovery of 6 zero-day vulnerabilities in Diebold Nixdorf's Vynamic Security Suite (VSS), the most prolific ATM security solution in the market. 10 minutes or less is all that a malicious actor would need to gain full control of any system running VSS via offline code injection and enable decryption of the primary Windows OS. Diebold Nixdorf is one of three major North American enterprise class ATM manufacturers with a global presence in the financial, casino/gaming, and point-of-sale markets. Similar attack surfaces are currently being used in the wild and impact millions of systems across the globe. Furthermore, VSS is known to be present throughout the US gaming industry, including most of the ATM/cash-out systems across Vegas.
This session will explore the technical intricacies of this research, review the convoluted ATM market, and reveal the discovery process of these zero-day vulnerabilities. The Full Disk Encryption module of VSS conducts a complex integrity validation process to ensure a trusted system state, executed in a layered approach during system initialization. Examination of the inner workings of this process will highlight various deficiencies, each demonstrated through PoC exploitation.
Each vulnerability presented in this session has been observed to have recursive impact across all major versions of VSS and represents a systemic ongoing risk. We will examine root cause, vendor remediation steps, and shortcomings thereof – perpetuating the attack narrative. In conclusion, proper mitigation techniques and procedures will be covered, providing valuable insights into defending against potential compromise.
|
11:20 am - 11:55 am
PT
6:20 pm - 6:55 pm UTC | What Hacking the Planet Taught Us About Defending Supply Chain Attacks It is commonly said that experience is the greatest teacher; however, the nuance that experience in one domain can have an impact in a completely different domain is easily missed. Through over a decade of working with offensive operations we have gained a unique perspective on what is needed for attackers to leverage the software supply chain to cause havoc. This talk will be a story-first presentation where we discuss experiences we have had and how they translate into a proactive approach to ensuring supply chain attacks have a minimum impact on our organizations.
|
12:00 pm - 1:00 pm
PT
7:00 pm - 8:00 pm UTC | Lunch |
1:00 pm - 1:35 pm
PT
8:00 pm - 8:35 pm UTC | Attacking and defending Microsoft Entra, 2024 Edition Attacks on Identity Providers (IdPs) are constant and ever changing. Detecting and protecting against the latest threats is a must for any organization. In this session, we will cover some of the latest attacks we see against Microsoft Entra ID, formerly known as Azure Active Directory, and the best practices and defenses for detecting and preventing these attacks. You will leave with an actionable list of Go Do’s to ensure your organization is detecting and preventing these latest attacks.
|
1:00 pm - 4:00 pm
PT
8:00 pm - 11:00 pm UTC | Workshops | In-Person Only Workshop | Deep Fake Workshop Abstract: As deep learning and artificial intelligence technologies have progressed, accessing highly sophisticated video and audio deep fake software has become much easier. Unsurprisingly, attackers have progressively started to adopt these technologies to further the efficacy of their social engineering campaigns. This has left cybersecurity professionals with a glaring question: what do we do when we can no longer trust our eyes and ears? This workshop is for cybersecurity professionals who want to answer that question. Participants will explore the technologies behind deep-fake creations, the methodologies used to weaponize them, and how to prepare the end users for their existence. By the end of the workshop, participants will have gained:
- A deeper technical understanding of the capabilities and limitations of deep fake software.
Join us to equip yourself with the knowledge and tools necessary to navigate a landscape where seeing isn't always believing.
|
1:40 pm - 2:15 pm
PT
8:40 pm - 9:15 pm UTC | Redefining Security Boundaries: Unveiling Hypervisor-Backed Security Features For Windows Security Connor McGarr, Software Engineer III, Endpoint Protection (EPP), CrowdStrike For better (or for worse) it is no secret that for several years now the "latest hotness" has become so-called "Bring Your Own Vulnerable Driver (BYOVD) attacks". However, many of the blogs and proof-of-concept projects in the public domain almost always work under the assumption that kernel privileges allow unfettered access to all system resources. The truth of the matter, on the other hand, is that when properly implemented many of the tried-and-true techniques used to generate executable kernel memory, patch-out code in system-monitoring tools, arbitrarily call kernel-mode APIs, disable driver signing requirements, and many other actions are not possible with the hypervisor-based Windows security features enabled, which implement another security boundary on Windows (all of which are baked right into the Windows OS by default!). This talk will aim to:
- Explore the "legacy kernel exploitation scenarios"
- Briefly examine the underlying technologies backing many of these features, such as Second Layer Address Translation (SLAT)
- Dive into the NT kernel's basic interfacing mechanism with the Secure Kernel
- Provide brief insight into the various security features backed by the hypervisor, such as Kernel Control Flow Guard (KCFG) and Kernel Control Flow Enforcement Technology (KCET), Kernel Data Protection, Hypervisor-Protected Code Integrity (HVCI), Secure Pool, Credential Guard, and Secure Kernel Patch Guard
|
2:15 pm - 2:30 pm
PT
9:15 pm - 9:30 pm UTC | Break |
2:30 pm - 3:05 pm
PT
9:30 pm - 10:05 pm UTC | Very Pwnable Networks: Exploiting the Top Corporate VPN Clients for Remote Root and SYSTEM Shells Have you ever been migrated to a new corporate VPN endpoint? What if you were told to connect to something that wasn't a real VPN endpoint at all? What's the worst that could happen? In this session, we show how just one click can allow an attacker to gain remote code execution and escalate privileges on both Windows and macOS. We take a look at corporate SSL-VPN clients to see what happens when you can encourage, or force, them to connect to a malicious server. We'll go through the general methodology applied to reversing the VPN protocols for some of the most widely used clients and end with everyone's favourite thing: Remote Root and SYSTEM shells. We'll be diving into how the trust relationship between the VPN client and server works, and how it can be abused to trick the client into changing settings, performing updates, and ultimately running arbitrary code in a privileged context. As these techniques use legitimate VPN functionality, they're hard to patch, but we'll give the audience mitigations that they can apply immediately if they're running one of the affected products, and practical advice that applies generally to VPN client products. The presentation will include demos of exploitation of four major VPN clients, across Windows and macOS operating systems - some of which can be triggered by simply visiting a malicious website. We'll leave you with an open-source exploit framework that automatically identifies and exploits any of the affected VPN clients that connect to it, and suggestions of how this can be utilised effectively in offensive security operations. Our talk aims to provide our audience with the following 3 takeaways:
1. Communication between a VPN client and server is worth exploring as a novel and previously underexplored attack surface and is likely to be a fruitful area for further research and investigation beyond the scope of this talk.
2. VPN clients are trusting and subservient to the VPN server's instructions, and end-user builds and VPN configurations should be hardened to prevent connections to unknown VPN endpoints - this sounds relatively obvious but across the vast majority of our attack simulation engagements this has not been the case, so this talk aims to highlight the risk of this configuration and raise awareness of the possible mitigations.
3. Awareness of this technique (RCE via rogue VPN servers/targeting VPN clients remotely) is currently low despite its potential for significant impact, and attendees of this presentation should feel empowered to help change this. Offensive security practitioners should be better able to introduce this type of attack into their attack simulation exercises, and defenders should be better equipped to identify, detect, and respond to these challenges as and when they happen.
|
3:10 pm - 3:45 pm
PT
10:10 pm - 10:45 pm UTC | Silent Invaders. Revealing the Dark Web's IoT Army In the dynamically evolving cyber landscape, organizations need to prioritize their strategic and tactical security requirements concerning Internet of Things (IoT). With the proliferation of IoT devices, their vulnerability to cyber threats is markedly intensified, elevating them as prime targets for cybercriminals. IoT devices with their interconnected nature and vulnerabilities are attractive entry points for cybercriminals. They are highly desirable targets since they often represent a single point of vulnerability that can impact numerous victims simultaneously. IoT devices have become valuable assets on the dark web, as the value of a compromised device is often greater than the retail price of the device itself. Adversarial AI is amplifying risks. This paper addresses the critical vulnerabilities within IoT infrastructure, emphasizing the imperative need for zero-tolerance security across the entire IoT supply chain.
|
3:45 pm - 4:00 pm
PT
10:45 pm - 11:00 pm UTC | Wrap-Up |
5:00 pm - 8:00 pm
PT
12:00 am - 3:00 am UTC | HackFest Summit Night Out In-Person Only A private studio tour through Universal’s Famous Backlot followed by a reception at Margaritaville! You’ll have the chance to unwind and explore with your HackFest Chairs, speakers, and fellow attendees.
|